RE: N$ SSL vs M$ PCT

• To: JohnHemming@mkn.co.uk, www-security@ns2.rutgers.edu
• Subject: RE: N$ SSL vs M$ PCT
• From: Jonathon Tidswell <t-jont@microsoft.com>
• Date: Mon, 2 Oct 95 18:13:39 TZ

At the risk of getting my head cut off
[ I have had no part in the PCT effort and have done no more than skim 
the draft. ]

 "John Hemming CEO MarketNet"  <JohnHemming@mkn.co.uk> wrote:

| 2. Message authentication uses different keys to the encryption keys.  How
| this helps, apart from making implementation harder, I cannot quite 
fathom.  We
| should not be using this secure channel protocol for proper message 
authentication
| only.  The MAC (Message Authentication Code) is not what I would use for
| authentication from a legal and contractual background.  I prefer 
Digitally Signed
| Instructions.

I thought this was to allow the use of stronger keys for authentication 
while still using weak keys for encryption (ITAR rearing its ugly head.)

- Jon T

• RE: N$ SSL vs M$ PCT
• From: "Donald E. Eastlake 3rd" <dee@cybercash.com>

• Previous: CA heirarchy vs Web of Trust
• Next: Re: DNS Security ( was Re: NetScape's dependence upon RSA down...)
• Index(es):
  • Index
  • Thread